Iraqi insurgents hacked Predator drone feeds, U.S. official indicates

U.S. official: Insurgents used mass-market software program to view live drone feeds

Software, from Russian company, is downloadable off the Internet

No troops or combat missions were compromised, official tells CNN

Vulnerability could date back to the 1990s, military technology analyst says

Washington (CNN) -- Insurgents were able to use a mass-market software program to view live feeds from U.S. military Predator drones monitoring targets in Iraq, a U.S. official indicated to CNN Thursday.

The breach by Iranian-backed Shiite militants was discovered late last year, according to U.S. military and defense officials.

The story was first reported in the Wall Street Journal on Thursday.

The U.S. official, who asked not to be identified because he was not authorized to discuss the information, said no U.S. troops or combat missions had been compromised because of the intrusion.

There also is evidence that unmanned aerial vehicle (UAV) feeds also have been hacked in Afghanistan, according to the Journal article, but there was no evidence the militants were able to take control of the remote aircrafts' systems in either country.

The inexpensive software, created by a Russian company called SkyGrabber, is downloadable off the Internet. It allows users to take advantage of unprotected communication links in some of the UAVs.

A senior defense official who was not authorized to speak about the security breach said, "This was an old issue for us and it has been taken care of," but he would not elaborate on what specifically had been taken care of.

The official said that many of the UAV feeds need to be sent out live to numerous people at one time, and encryption was found to slow the real-time link. The encryption therefore was removed from many feeds.

Removing the encryption, however, allowed outsiders with the correct tools to gain unauthorized access to these feeds.

Pentagon spokesman Bryan Whitman would not comment on any of the article's details but said that any security breaches that arise are addressed.

"The department constantly evaluates and seeks to improve both the performance as well as the security of various intelligence, surveillance, and reconnaissance systems and platforms," Whitman said. "If and when we identify any shortfalls we obviously correct them as a continuous process of seeking both improved capabilities as well as improved security."

Lt. Gen. David Deptula, who is in charge of the Air Force's UAV mission, said the military is trying to fix vulnerabilities with improved encryption on UAV feeds.

"Those kinds of things are subject to listening and exploitation," he told reporters Wednesday when asked about vulnerabilities of UAV systems.

One U.S. official said special operations troops identified the threat "years ago" in Iraq and over the past two years have been "vastly improving" encryption on their various communications systems, including full-motion video.

The official said the United States generally can operate these systems with impunity in third-world countries that don't have the technology to tap into open satellite feeds. However, according to the official, Iran has been pushing the SkyGrabber-like technology to Shiite militants in Iraq essentially to see what the United States is looking at because Iranians believe they will be invaded next.

The vulnerability could date back to the 1990s, said Peter Singer, a military technology analyst for the Brookings Institution.

"In fact, in the Balkans, people with any satellite dish were able to intercept the communications from these systems, and watch special operations raids in Bosnia while sitting in their home," he said.

Before the U.S. invasion of Iraq in 2003, it is believed Saddam Hussein was able to monitor drone feeds. The Iraqis "located and downloaded the unencrypted satellite feed from U.S. military UAVs," a 2005 CIA report surmised.

Somebody has invented a way to use this program outside of its intended purpose.--Andrew Solonikov, one of the developers of SkyGrabber technology

The U.S. military and intelligence operations use pilotless drones in Iraq and Afghanistan both for surveillance and to fire missiles at targets.

While the CIA has never publicly acknowledged it, the agency operates the unmanned planes in Pakistan, where it has used drones to strike at Taliban and al Qaeda operatives, according to officials familiar with the strategy. But a U.S. official with knowledge of CIA and military UAV missions told CNN the drones used in Pakistan missions use encrypted feeds and are not vulnerable to hacking like the military drones used in Iraq.

The official said the drones employed by the intelligence community in Pakistan, which use state-of-the-art encryption technology, are used in a much more limited capacity than the military drones.

One of the developers of the SkyGrabber technology told CNN via e-mail that the software was developed to pull unprotected satellite feeds so that people in Russia could watch TV or gain access to the Internet in areas otherwise unable to get such signals.

"The software is intercepting data received from a satellite dish -- it doesn't say whether or not the data is classified, let alone that it is military data," said Andrew Solonikov.

He said the U.S. military has not contacted him about the reported security breach.

"Even if I wanted to do something about it, I wouldn't know what to do," he said.

Solonikov insisted the software was not developed for the use it has been put to in Iraq.

"[It seems that] somebody has invented a way to use this program outside of its intended purpose," he said. "But generally speaking, this points to a large security gap that the American military has missed."